TITLE OF THE INVENTION

Illegal access discriminating apparatus and method 

BACKGROUND OF THE INVENTION 
Field of the Invention 

The invention relates to illegal access 
discriminating apparatus and method for discriminating 
an illegal access of an attacker to a service providing 
system. More particularly, the invention relates to 
illegal access discriminating apparatus and method for 
discriminating an illegal access of an attacker when an 
authentication is requested to a service providing 
system by combining organic information such as 
fingerprint, iris, or the like to ID information. 
Description of the Related Arts 

At present, an infrastructure of a communication 
line is being established, information equipment such 
as computers or the like are mutually connected through 
the communication line, and the user can use various 
services from a remote place. In such a service 
providing system, when the system is used, whether the 
user is a legal user or not is confirmed by using a 
password. In recent years, a technique to confirm the 
user himself by using organic information such as 
fingerprint, iris, or the like is being established and 
it is considered to apply a collation of those organic 
information to the confirmation of the user himself.
In such a service providing system, however, there
is a possibility such that a person with an evil 
intention except for the legal users can illegally 
easily attack to various information equipment from a 
remote place. For example, since a program to 
automatically find out a password by the own computer 
from a remote place can be formed, an environment where 
the criminal can easily commit a crime is being 
constructed. Therefore, to confirm the user himself in 
response to an authentication demand to use the system, 
a security is raised by combining organic information 
such as fingerprint, iris, or the like to an ID code. 
However, there is a possibility such that if the 
organic information of the legal user can be illegally 
obtained, the equipment of the user is attacked by a
method such that the organic information is 
continuously inputted while changing the ID code. It 
is, therefore, necessary more and more to construct a 
system which is conscious of an attack from a criminal 
even if the organic information is used for personal 
authentication.

SUMMARY OF THE INVENTION

According to the invention, for a service
providing system using ID information and organic
information for an authentication demand, there are
provided illegal access discriminating apparatus and
method for supporting the system by monitoring and
discriminating an attack of an illegal access person
who completely became a normal user.

According to the invention, there is provided an 
illegal access discriminating apparatus characterized 
by comprising: a storing unit for inputting and storing 
ID information and organic information based on an
authentication demand which a service providing system 
received from a user's terminal; a comparing and 
collating unit for comparing and collating the ID 
information and organic information inputted to the 
storing unit with ID information and organic 
information inputted in the past; and a control unit 
for discriminating the authentication demand by an 
illegal access person on the basis of an output of the 
comparing and collating unit and notifying the service 
providing system of a discrimination result. As 
mentioned above, the invention is based on an idea such 
that when the user requests an authentication for 
confirmation of the user himself to the system by using 
the ID information and organic information and they are 
compared with the stored ID information and organic 
information of the authentication demand performed in 
the past, thereby presuming and discriminating whether 
the access is an illegal access by the attacker or not. 
If it is determined that there is a possibility of an 
attack from the attacker who intends to illegally 
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invade the system, a fact that the access is the 
illegal access is notified to the service providing 
system, thereby allowing the user to refuse the 
presentation of services and preventing the invasion. 

The storing unit comprises: an input storing unit 
for inputting and temporarily storing the ID 
information and organic information based on the 
authentication demand which the service providing 
system received from the user; and a use information 
storing unit for storing the ID information and organic 
information based on the authentication demand which 
the service providing system received from the user in 
the past. Specifically speaking, the attack of the
attacker uses the own organic information or forged
organic information, combines the ID information to it
at random, and sequentially transmits an
authentication demand, thereby trying to invade the
system. Therefore, the form of the attack can be
classified to the following three forms.

Attack form 1: The organic information is fixed and
an attack is performed while successively
changing the ID information.

Attack form 2: The ID information is fixed and
an attack is performed while successively
changing the organic information.

Attack form 3: An attack is performed while
successively changing both the organic
information and the ID information.

The control unit of the invention has the 
following discriminating rules about the illegal access 
corresponding to those attack forms. 
[Discriminating rule 1] 

The control unit determines the authentication 
demand by the illegal access person in the case where
the ID information does not coincide and the organic
information coincides on the basis of an output of the
comparing and collating unit. This form corresponds to
the attack form 1 and relates to the case where the
attacker uses the forged organic information or the own
organic information and combines it to the ID
information of a plurality of users and requests an
authentication. For example, in case of using a
fingerprint as organic information, the attacker
repeats the operation for inputting the ID number of
the user and pressing a fingerprint scanner while
changing the finger.

[Discriminating rule 2] 

The control unit determines the authentication 
demand by the illegal access person in the case where 
the ID information coincides and the organic 
information does not coincide on the basis of the 
output of the comparing and collating unit. This form
corresponds to the attack form 2 and relates to the
case where the attacker uses the forged organic
information or the own organic information and combines
it to the specific ID information and requests an
authentication. For example, in case of using a
fingerprint as organic information, the attacker
repeats the operation for inputting the same ID number
and pressing the fingerprint scanner while changing the
finger.

[Discriminating rule 3]

The control unit determines the authentication
demand by the illegal access person in the case where
the ID information does not coincide and the organic
information coincides or in the case where the ID
information coincides and the organic information does
not coincide on the basis of the output of the
comparing and collating unit. This form corresponds to
the attack form 3 and relates to the case where the
attacker uses the forged organic information or the own
organic information and combines it to the ID
information of a plurality of users and requests an
authentication. For example, in case of using a
fingerprint as organic information, the attacker
repeats the operation for pressing the fingerprint
scanner while changing the finger by changing the ID
number of the user.

[Discriminating rule 4]

The storing unit stores a telephone number serving
as a transmitting source, a terminal position such as a
network address or the like, and an input time in 
correspondence to the ID information and organic 
information which were inputted in the past. The 
control unit determines the authentication demand by 
the illegal access person in the case where a result of 
a comparison between ID information newly inputted from 
the same terminal and the ID information inputted from 
the same terminal within a past predetermined time 
indicates the dissidence. 

The above discrimination is performed by paying
attention to a point that the attacker usually
automatically and concentratedly performs a large number
of authentication demands by using a computer. The 
illegal use can be discriminated without collating with 
the organic information which was inputted in the past. 
[Discriminating rule 5] 

The control unit discriminates whether the past ID 
information has serial number for the inputted ID 
information or not and determines the authentication 
demand by the illegal access person at a designated 
predetermined number of times in the case where it is 
decided that the past ID information has the serial 
number.

When the ID information of the users is
continuously inputted on the basis of the serial
number, a possibility of the attack from the attacker
is further high. This is because there is considered a
case where the attacker sequentially attacks by using
the computer. Therefore, by checking whether the
inputted IDs have the serial number or not, the user
can have a confidence indicative of the attack from the
attacker and a probability about the illegal access is
improved.

[Discriminating rule 6] 

The control unit detects combinations such that 
the organic information coincides and the ID 
information does not coincide when the inputted organic 
information and the organic information inputted in the 
past coincide and determines the authentication demand 
by the illegal access person when the number of 
combinations reaches a predetermined number of times.

On the other hand, there is also a case where the
attacker does not illegally access but the legal user 
merely erroneously inputs the ID information. 
Therefore, the user can input again ID information 
up to, for example, three times, thereby avoiding that 
the mistake of the input of the ID information is 
erroneously recognized as an illegal access. 

The comparing and collating unit comprises: an ID 
information comparing unit for comparing the inputted 
ID information and the ID information inputted in the 
past and generating a signal indicative of the
coincidence or dissidence; and an organic information
collating unit for comparing the inputted organic
information and the organic information inputted in the
past, generating a signal indicative of the coincidence
of the organic information when a value of a
predetermined coincidence degree or more is obtained,
and generating a signal indicative of the dissidence of
the organic information when a value less than the
predetermined coincidence degree is obtained, thereby
enabling the comparison and collation of the ID
information and the organic information to be
individually performed.

The illegal access discriminating apparatus of the
invention further has a timer unit to measure the time,
and the ID information and the organic information
inputted in the past after the elapse of a
predetermined time from the storage are erased and
excluded from the targets of comparison and collation.
In the case where the legal user does not illegally
intend to access but merely erroneously inputs the ID
information, if such a fact is stored for a long time,
a situation such that in spite of a fact that the user
is a legal user himself, the access is determined to be
the illegal access, and he cannot access can occur.
Therefore, a time limitation is provided for the
storage and those information is erased after the
elapse of a predetermined time, thereby avoiding a
situation such that the access is erroneously
recognized as an illegal access. Generally, since the 
attacker concentratedly attacks in a short time, even 
if the time limitation is provided for the storage, the 
storage to discriminate the illegal access of the 
attacker can be sufficiently obtained. Therefore, even 
if the legal user erroneously inputs the ID information 
any times, the system can be used. Further, since the 
storage time is limited, a memory amount of ID 
information and organic information which were inputted 
in the past is limited and a burden on the collation 
and comparison between the ID information and organic 
information which are newly inputted is reduced. 

The storing unit stores a telephone number serving
as a transmitting source or a terminal position such
as a network address or the like together with the ID
information and organic information which were inputted
in the past. The comparing and collating unit compares
and collates the inputted ID information and organic
information with the ID information and organic
information which were inputted in the past from the
same terminal position. There is a case where the
attacker attacks as a round robin from a specific
terminal by using the forged organic information and
the own organic information. In this case, the
operation to compare and collate the inputted ID
information and organic information with all of the ID
information and organic information which were inputted
in the past becomes a large burden. Therefore, by
limiting the terminals to perform the comparison and
collation of the ID information and organic information
to a specific terminal to which information is at
present being inputted, the burden on the comparison
and collation is reduced.

The illegal access discriminating apparatus of the
invention further has a log recording unit to record
information of the illegal access person. At least any
of the organic information of the illegal access
person, the telephone number of the illegal access
person or the terminal position such as a network
address or the like, and the ID information serving as
a target of the illegal access is recorded in the log
recording unit. When considering that it is difficult
to steal the organic information as compared with the
ID information, a probability such that the used
organic information is the information of the attacker
is high. By logging such organic information, it can
be used as a clue of criminal investigation and can be
used to specify the illegal access person or an
evidence. By storing the position of the terminal, the
time, and the like, they become clues of criminal
investigation. When there is an attack from the
attacker, the terminal can be actively examined with
reference to the log recording unit. Further, by
recording and storing the ID information which became
the target of the attack, it can be used for a security
measure against the re-attack.

The illegal access discriminating apparatus of the
invention further comprises: an authentication demand
terminal address recording unit for recording the
number of times of authentication demand every terminal
address; and a same terminal access detecting unit for
detecting that the authentication demand has been
performed a predetermined number of times or more
within a predetermined time by referring to the
authentication demand terminal address and activating
the comparing and collating unit and the control unit,
thereby allowing an illegal access to be discriminated.
Only in the case where the number of times of
authentication demand from the same terminal such that
it cannot be considered in ordinary works is detected,
the discrimination of the illegal access based on the
comparison and collation of the ID information and
organic information is activated and a processing
burden on the illegal discrimination can be reduced.
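
The ID-only checks described above (discriminating rules 4 and 5) and the same terminal access detection can be sketched as follows. This is an added example, not code from the patent; the window length, the counts, the `prefix + number` ID format and all function and class names are assumptions, and the sample stream is constructed.

```python
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed "predetermined time"
GATE_DEMANDS = 5      # assumed demand count that activates full collation
SERIAL_RUN = 3        # assumed run length at which rule 5 fires

ID_PATTERN = re.compile(r"^(.*?)(\d+)$")  # assumed ID format: prefix + number


def serial_run_length(ids):
    """Length of the trailing run of IDs whose numeric part steps by +1 or -1."""
    parsed = []
    for user_id in ids:
        m = ID_PATTERN.match(user_id)
        parsed.append((m.group(1), int(m.group(2))) if m else None)
    if not parsed or parsed[-1] is None:
        return 0
    run, step = 1, None
    for k in range(len(parsed) - 1, 0, -1):
        cur, prev = parsed[k], parsed[k - 1]
        if prev is None or prev[0] != cur[0]:
            break
        delta = cur[1] - prev[1]
        if delta not in (1, -1) or (step is not None and delta != step):
            break
        step = delta
        run += 1
    return run


class TerminalMonitor:
    """Per-terminal record of recent authentication demands (ID only)."""

    def __init__(self):
        self.recent = defaultdict(deque)  # terminal address -> deque[(time, id)]

    def observe(self, terminal, user_id, now):
        q = self.recent[terminal]
        while q and now - q[0][0] > WINDOW_SECONDS:
            q.popleft()  # forget demands outside the window
        earlier_ids = [i for _, i in q]
        q.append((now, user_id))
        return {
            # Same terminal access detection: only a burst opens the gate.
            "gate_open": len(q) >= GATE_DEMANDS,
            # Rule 4: a different ID from the same terminal inside the window.
            "rule4": any(i != user_id for i in earlier_ids),
            # Rule 5: IDs from this terminal arrive as serial numbers.
            "rule5": serial_run_length(earlier_ids + [user_id]) >= SERIAL_RUN,
        }


# Constructed sample stream: (time in seconds, terminal address, ID).
SAMPLE = [
    (0, "192.0.2.10", "U2040"),     # ordinary user, first try
    (1, "198.51.100.7", "U1001"),   # scripted source starts enumerating
    (2, "198.51.100.7", "U1002"),
    (3, "198.51.100.7", "U1003"),
    (4, "198.51.100.7", "U1004"),
    (5, "198.51.100.7", "U1005"),
    (20, "192.0.2.10", "U2040"),    # ordinary user retries the same ID
]


def replay(events=SAMPLE):
    """Feed the events through one monitor and return each verdict."""
    monitor = TerminalMonitor()
    return [(t, term, uid, monitor.observe(term, uid, t)) for t, term, uid in events]


if __name__ == "__main__":
    for t, term, uid, verdict in replay():
        print(t, term, uid, verdict)
```

Rule 4 as written fires on any second ID from one address, so a shared terminal or a NAT gateway will trip it; combining it with the burst gate or the serial-number check keeps ordinary shared use from being reported.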

As organic information which is used in the illegal
access discriminating apparatus, a fingerprint, a
voiceprint, an iris pattern, a retina blood vessel
pattern, a palm shape, an ear shape, a face, a
signature, or the like is used. It can be assumed that
those organic information is peculiar to the human
being. The illegal access is discriminated on the
assumption that a situation such that the organic
information differs does not occur.

When the authentication demand by the illegal
access person is decided, the control unit
automatically notifies the service providing system
administrator of the discrimination result. The
automatic notification to the administrator by the
control unit is performed by using a fixed telephone, a
cellular phone, an E-mail, a dedicated communication
line, a warning light, or the like. If it is decided
that there is an attack from the attacker, by notifying
such a fact from the system side to the system
administrator side, the system administrator doesn't
need to always monitor the system, so that a management
burden on the administrator side is reduced. In the
automatic notification, by using a telephone or E-mail
which is widely spread, the costs can be reduced.

The invention further provides an illegal access
discriminating method, comprising:

a storing step of inputting and storing ID
information and organic information based on an
authentication demand which a service providing system
received from the user;

a comparing and collating step of comparing and
collating the inputted ID information and organic
information with ID information and organic information
which were inputted in the past; and

a discrimination control step of discriminating an
authentication demand by an illegal access person on
the basis of an output in said comparing and collating
step and notifying the service providing system of a
discrimination result. The details of the illegal
access discriminating method are fundamentally the same
as those of the apparatus construction.

The above and other objects, features, and 
advantages of the present invention will become more 
apparent from the following detailed description with 
reference to the drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 is a block diagram of the first embodiment
of the invention for comparing and collating input
information of an authentication demand and all of past
input storage information, thereby discriminating an
illegal access;

Fig. 2 is an explanatory diagram of a use
information storing unit in Fig. 1 having a fixed
storage capacity;

Fig. 3 is an explanatory diagram of an illegal
access and the use information storing unit to which a
discriminating rule 1 in which the organic information
is fixed and ID information is changed is applied;

Fig. 4 is an explanatory diagram of an illegal
access and the use information storing unit to which a
discriminating rule 2 in which the ID information is
fixed and the organic information is changed is
applied;

Fig. 5 is an explanatory diagram of an illegal
access and the use information storing unit to which a
discriminating rule 3 in which both the ID information
and the organic information are changed is applied;

Fig. 6 is a flowchart for an illegal access
discriminating process in Fig. 1;

Fig. 7 is a block diagram of the second embodiment
of the invention having a logging function to store
identify information of an illegal access person;

Figs. 8A and 8B are flowcharts for an illegal
access discriminating process in Fig. 7;

Figs. 9A and 9B are block diagrams of the third
embodiment of the invention having a time measuring
function and an automatic notifying function to a
system administrator;

Fig. 10 is an explanatory diagram of a use
information storing unit in Figs. 9A and 9B;

Figs. 11A and 11B are flowcharts for an illegal
access discriminating process in Figs. 9A and 9B;

Figs. 12A and 12B are block diagrams of the third
embodiment of the invention having a storing function
of a terminal address;

Fig. 13 is an explanatory diagram of a terminal
address storing unit and a use information storing unit
in Figs. 12A and 12B;

Figs. 14A and 14B are flowcharts for an illegal
access discriminating process in Fig. 13 which is
activated when there is an authentication demand of a
predetermined number of times from the same terminal
within a predetermined time;

Fig. 15 is a flowchart for the illegal access
discriminating process in Fig. 13 to which a
discriminating rule 4 for discriminating an illegal
access by only ID information inputted from the same
terminal within a predetermined time is applied;

Fig. 16 is a flowchart for the illegal access
discriminating process in Fig. 13 to which a
discriminating rule 5 for discriminating an illegal
access from a serial number input of ID information is
applied; and

Fig. 17 is a flowchart for the illegal access
discriminating process in Fig. 13 to which a
discriminating rule 6 for distinguishing an erroneous
input by a legal user and an input by an illegal access
with respect to ID information is applied.

Fig. 1 is a block diagram of the first embodiment
of an illegal access discriminating apparatus of the
invention. A service providing system 10 serving as a
discrimination target of an illegal access according to
the invention receives a service request from a user
terminal 14 through a network such as Internet,
intranet, or the like and provides a service requested
by the user in an on-line manner. Such a service
providing system 10 is a system for providing a proper
service such as a database system having an on-line
searching function or the like. For example, it is a
system which is used by a great number of legal users
exceeding million users or the like. When the user
uses the service providing system 10 by an access from
the user terminal 14, the user inputs ID information 30
and organic information 32 peculiar to
the user which have previously been registered on the
service providing system 10 side and issues an
authentication demand (authentication demand to confirm
the user himself, to confirm that he is a legal user)
from the user terminal 14 to the service providing
system 10 via the network 12. In the embodiment, an
example of using a fingerprint as organic information
32 which is inputted by the user will be described.
However, organic information such as iris, voiceprint,
retina blood vessel distribution, signature, or the
like other than the fingerprint can be used. Although
the kind of organic information differs depending on an
organic information collating system provided on the
service providing system 10 side, for example, in case
of a fingerprint, a fingerprint image or organic key
information extracted from the fingerprint image is
used. When the user requests to use the service
providing system 10, the ID information 30 and organic
information 32 of the legal user have previously been
registered on the service providing system 10 side.
Therefore, when the user inputs the ID information 30
and organic information 32 and requests the
authentication from the user terminal 14 to the service
providing system 10, the pre-registered organic
information 32 is read out in correspondence to the
authentication demanded ID information 30 on the
service providing system 10 side. The inputted organic
information 32 and the registered organic information
are collated. When a coincidence degree of a
predetermined value or more is obtained, it is
determined that the organic information is the same
(collation coincidence) and the use of the service
providing system 10 is permitted to the authentication
demanded user terminal 14. To discriminate an illegal
access by an attacker, an illegal access discriminating
system 16 of the invention is provided as a supporting
apparatus for the service providing system 10 using a
combination of the ID information 30 and organic
information 32 for such an authentication demand. The
illegal access discriminating system 16 is constructed
by: an organic information input storing unit 18; an ID
information input storing unit 20; a use information
storing unit 22; an organic information collating unit
24; an ID information comparing unit 26; and a control
unit 28. When the authentication demand using the ID
information 30 and organic information 32 is issued
from the user terminal 14 to the service providing
system 10, the organic information 32 and ID
information 30 inputted to the service providing system
10 are temporarily inputted and stored into the organic
information input storing unit 18 and ID information
input storing unit 20, respectively. The ID
information and organic information which were inputted
in the past by the authentication demand from the user
terminal 14 to the service providing system 10 have
been stored as pairs in the use information storing
unit 22.

Fig. 2 shows storage contents in the use
information storing unit 22 in Fig. 1. The use
information storing unit 22 has an ID information
storing area 22-1 and an organic information storing
area 22-2 and stores the ID information and organic
information as pairs like, for example, (ID01, LB01),
(ID05, LB05), .... A storing area of the use
information storing unit 22 has a memory capacity which
is determined by, for example, hexadecimal addresses
0000 to FFFF, so that the pairs of ID information and
organic information which were inputted latest as many
as only a fixed number which is determined by a
physical memory capacity are stored.

Referring again to Fig. 1, when the organic
information is inputted and stored into the organic
information input storing unit 18, the organic
information collating unit 24 collates it with the
organic information which was inputted in the past and
stored in the use information storing unit 22. In the
collation of the organic information, a coincidence
degree between the inputted organic information and the
organic information which was inputted in the past is
obtained. If the coincidence degree is equal to or
larger than a predetermined value, an output of the
collation coincidence is generated. If the coincidence
degree is less than a predetermined value, an output of
the collation dissidence is generated. Since the
processes for collating and comparing the organic 
information and the ID information by the organic 
information collating unit 24 and ID information 

information and organic information from the user 
terminal 14 to the service providing system 10, the 
processing operations for collating and comparing are 
simultaneously performed. The control unit 28 receives
a collation result of the organic information collating
unit 24 and a comparison result of the ID information
comparing unit 26, discriminates about the illegal
access by the attack from the attacker, and notifies
the service providing system 10 of a discrimination
result.

The discrimination about the illegal access by the 
control unit 28 is performed on the basis of the 
following three discriminating rules. 

Discriminating rule 1: 

When the ID information does not coincide and the
organic information coincides on the basis of the
comparison and collation results, it is determined that
there is an authentication demand by the illegal access
person.

Discriminating rule 2:

When the ID information coincides and the organic
information does not coincide on the basis of the
comparison and collation results, it is determined that
there is an authentication demand by the illegal access
person.

Discriminating rule 3:

When the ID information does not coincide and the
organic information coincides or when the ID
information coincides and the organic information does
not coincide on the basis of the comparison and
collation results, it is determined that there is an
authentication demand by the illegal access person.

Fig. 3 shows the illegal access which is
discriminated by the control unit 28 in accordance with
the discriminating rule 1 and storage contents in the
use information storing unit 22 at that time. An
illegal access 25-1 relates to a case where the
attacker attacks while changing the ID information to
ID1, ID2, ID3, and ID4 by using one organic information
LB1 by the own fingerprint or forged fingerprint.
Specifically speaking, the attacker repeats the
operation for inputting the ID number of the legal user
and pressing the fingerprint scanner while changing the
ID. In response to the illegal authentication
demand by the attacker of such an illegal access 25-1,
the pairs (ID1, LB1), (ID2, LB1), (ID3, LB1), and (ID4,
LB1) of the inputted ID information and organic
information are stored in the use information storing
unit 22 of the illegal access discriminating system 16
of the invention in correspondence to input times t1 to
t4 of the illegal access 25-1. Although the illegal
access 25-1 by the attacker is continuously performed
at times t1 to t4, since the system also accepts
authentication demands from the other legal users for
such a period of time, the storage corresponding to the
illegal access 25-1 is discretely performed in the use
information storing unit 22 as shown in the diagram.

When such an attacker performs an illegal authentication
demand by combining a plurality of ID information to
one organic information, the discriminating rule 1 is
applied to the control unit 28 of the invention.
According to the discriminating rule 1, when the ID
information does not coincide and the organic
information coincides on the basis of the comparison
and collation results, it is determined that there is
an authentication demand by the illegal access person.
The discriminating process to the illegal access 25-1
in Fig. 3 by the discriminating rule 1 is as follows.
First, with respect to the input pair (ID1, LB1) of the
first illegal access at time t1, even if it is compared
and collated with the pair stored in the use
information storing unit 22, since there is no relevant
pair, both the ID information and the organic
information do not coincide. Subsequently, when the
input pair (ID2, LB1) by the second illegal access is
inputted at time t2, since the illegal input pair (ID1,
LB1) at time t1 has already been stored in the use
information storing unit 22 at this time, by the
comparison and collation between the illegal input pair
inputted at time t2 and the pair which was inputted at
time t1 and has already been stored, the ID information
does not coincide and the organic information
coincides, so that the condition of the discriminating
rule 1 is satisfied. Therefore, at a point when the
pair (ID2, LB1) by the illegal access is inputted at
time t2, the control unit 28 of the invention
determines that there is the authentication demand by
the illegal access person in accordance with the
discriminating rule 1. As for the input of the pair
(ID3, LB1) by the illegal access at time t3, the
condition of the discriminating rule 1 in which the ID
information does not coincide and the organic
information coincides is satisfied between the two
pairs (ID1, LB1) and (ID2, LB1) stored in the use
information storing unit 22 at times t1 and t2, so that
the illegal accesses as many as two times can be
discriminated. Further, with respect to the input of
the pair (ID4, LB1) by the illegal access at time t4,
the authentication demands by the illegal access person
as many as three times are determined by the comparison
and collation among the three stored pairs at times t1
to t3 inputted in the past and stored in the use
information storing unit 22.

Fig. 4 shows the illegal access to which the
discriminating rule 2 by the control unit 28 in Fig. 1
is applied and storage contents in the use information
storing unit 22 at that time. According to the
discriminating rule 2, when the ID information
coincides and the organic information does not coincide
on the basis of the comparison and collation results,
it is determined that there is an authentication demand
by the illegal access person. The discriminating rule
2 assumes the case where the attacker uses the forged
organic information or own organic information and
combines it to specific ID information and requests the
authentication. For example, it relates to the case
like an illegal access 25-2 in Fig. 4 where the
attacker uses ID1 as specific ID information and
combines the own organic information or forged organic
information LB1, LB2, LB3, and LB4 to ID1 and requests
the authentication. Specifically speaking, the
attacker repeats the operation for inputting the same
ID number and pressing the fingerprint scanner while
changing the finger. As mentioned above, if there is
the illegal access 25-2 such that the attacker requests
the authentication by using the fixed ID information
while changing the organic information, the input pair
of the illegal access is discretely stored in the use
information storing unit 22 in correspondence to it.
As for such an illegal access 25-2, the discrimination
about the illegal access by the discriminating rule 2
is performed in the following manner. First, when the
pair (ID1, LB1) by the illegal access at time t1 is
inputted, since the pair corresponding to the illegal
access is not stored in the use information storing
unit 22, the comparison and collation results with
respect to both the ID information and the organic
information indicate dissidence and the illegal access
by the discriminating rule 2 cannot be discriminated.
Subsequently, when the pair (ID1, LB2) by the illegal
access 25-2 is inputted at time t2, since the pair
(ID1, LB1) which was inputted at time t1 and stored
exists in the use information storing unit 22, the
condition of the discriminating rule 2 such that the ID
information coincides and the organic information does
not coincide is satisfied by the comparison and
collation of both pairs, so that it is determined that
there is the authentication demand by the illegal
access person. With regard to times t3 and t4 of the
illegal access as well, since the stored pairs by the
illegal access exist before such time points, it is
similarly determined that there is the authentication
demand by the illegal access person in accordance with
the discriminating rule 2. In case of time t3, the
number of times of discrimination about the illegal
access is equal to 2 and that at time t4 is equal to 3.

Fig. 5 is an explanatory diagram of the illegal
access to which the discriminating rule 3 to
discriminate the illegal access by the control unit 28
in Fig. 1 is applied and storage contents in the use
information storing unit 22 at that time. The
discriminating rule 3 corresponds to the case where the
illegal accesses presumed by the discriminating rule 1
in Fig. 3 and the discriminating rule 2 in Fig. 4
mixedly exist. That is, according to the
discriminating rule 3, when the ID information does not
coincide and the organic information coincides or when
the ID information coincides and the organic
information does not coincide on the basis of the
comparison and collation results, it is determined that
there is an authentication demand by the illegal access
person. An illegal access 25-3 relates to the case
where the attacker performs an attack such that, for
example, three ID1, ID2, and ID3 are prepared as a
plurality of ID information, the own fingerprint or
three fingerprints LB1, LB2, and LB3 are further
prepared as organic information, and an authentication
demand is performed as shown at times t1 to t9 by using
the pairs comprising the combinations of them. In the
case where there is an input pair of the authentication
demand by such an illegal access 25-3, the illegal
access is discriminated by the discriminating rule 3 in
accordance with the following manner. First, in the
pairs (ID1, LB1), (ID2, LB2), and (ID3, LB3) of the
illegal access 25-3 at times t1 to t3, when they are
compared with the pairs stored in the use information
storing unit 22 at the respective input time points,
comparison results indicate dissidence with respect to
both the ID information and the organic information.
Therefore, not only the illegal accesses by the
discriminating rules 1 and 2 which have already been
described but also the illegal access by the
discriminating rule 3 in this case cannot be
discriminated. Subsequently, when the pair (ID1, LB3)
of a different combination although it has already been
used is inputted at time t4 by the illegal access, the
condition of "the ID information does not coincide and
the organic information coincides" of the
discriminating rule 1 which has already been described
is satisfied between the storage pair (ID3, LB3) at
time t3 stored in the use information storing unit 22
and the input pair (ID1, LB3) at time t4, so that it is
determined that there is an authentication demand by
the illegal access person. At the same time, the
condition of "the ID information coincides and the
organic information does not coincide" of the
discriminating rule 2 which has already been described
is satisfied between the storage pair (ID1, LB1) at
time t1 and the input pair (ID1, LB3) at time t4, so
that it is likewise determined that there is an
authentication demand by the illegal access person. As
mentioned above, according to the discriminating rule
3, when the attacker performs the illegal
authentication demand while changing both the ID
information and the organic information like an illegal
access 25-3, the discrimination results of the illegal
access by both the discriminating rules 1 and 2 are
simultaneously obtained at a certain input time point.
This point is similarly applied to the input pairs of
the illegal access at times t5 and t6. Further, with
respect to the input pairs of the illegal access at
times t7 to t9, since the two same ID information and
the two same organic information respectively exist at
times t1 to t3 and times t4 to t6 of the use
information storing unit 22, for example, as for the
input pair (ID1, LB2) by the illegal access at time t7,
the discrimination results of the illegal access of two
times by each of the discriminating rules 1 and 2 are
obtained, so that the total four discrimination results
of the illegal access can be simultaneously obtained.
This point is similarly applied to the input pairs of
the illegal access at times t8 and t9. As a method of
using the discriminating rules 1 to 3 for three kinds
of illegal accesses by the control unit 28, in the case
where it is difficult to forge the organic information,
since the attacker changes the ID information by using
the same organic information, it is sufficient to use
the discriminating rule 1. On the other hand, in the
case where it is relatively easy to forge the organic
information, it is sufficient to use the discriminating
rule 2 to determine the illegal access in the case
where the ID information coincides and the organic
information does not coincide. The most powerful
discriminating rule is the discriminating rule 3
corresponding to the case where the attacker changes
both the ID information and the organic information.

Fig. 6 is a flowchart for the illegal access
discriminating process in the first embodiment of the
illegal access discriminating system 16 in Fig. 1 and
the discriminating rule 3 shown in Fig. 5 is applied as
a discriminating rule of the control unit 28. First in
step S1, when there is an authentication demand from
the user terminal to the service providing system 10,
the ID information and organic information received in
response to the authentication demand are obtained in
step S1 and stored into the organic information input
storing unit 18 and ID information input storing unit
20, respectively. Subsequently, in step S2, the
inputted and stored organic information is collated
with all of the organic information stored in the use
information storing unit 22. In step S3, the inputted
and stored ID information is compared with all of the
ID information stored in the use information storing
unit 22. Results by the collation of the organic
information and the comparison of the ID information in
steps S2 and S3 are notified to the control unit 28.
In steps S4 and S5, the discrimination of the
comparison and collation results according to the
discriminating rule 3 is performed. First, step S4
relates to the discrimination by the discriminating
rule 1 and a check is made to see if the organic
information coincides and the ID information differs.
When the condition in step S4 is satisfied, step S6
follows and it is determined that there is an attack
from the attacker and this fact is notified to the
service providing system 10. In step S5, a check is
made to see if there is the storage pair according to
the discriminating rule 2 in which the ID information
coincides and the organic information differs. When
the condition in step S5 is satisfied, step S6 follows
and it is determined that there is an attack from the
attacker and this fact is notified to the service
providing system 10. On the other hand, when the
condition of the discriminating rule 1 in step S4 is
not satisfied and the condition of the discriminating
rule 2 is not satisfied in step S5, it is determined
that there is no attack from the attacker and this fact
is notified to the service providing system 10. Even if
the collation coincidence is obtained between the ID
information and organic information inputted at that
time and the ID information and organic information
which have previously been registered, the service
providing system 10 which received the notice
indicative of the attack from the attacker from the
illegal access discriminating system 16 of the
invention requests the user side to input other user
information, for example, a birthday or the like other
than the ordinary authentication, thereby taking a
defensive measure against the illegal access. If it is
known that the contents of the illegal access notified
from the illegal access discriminating system 16
obviously indicate the attack by the attacker like, for
example, an illegal access 25-3 in Fig. 5, a warning is
issued to the user and the presentation of the services
is refused. That is, by receiving the notice
indicative of the authentication demand by the illegal
access person from the illegal access discriminating
system 16 according to the invention, the service
providing system 10 can promptly take a proper
defensive measure corresponding to the contents of the
illegal access. In step S8 subsequent to step S6 or
S7, the organic information and the ID information
which have been temporarily stored in the organic
information input storing unit 18 and ID information
input storing unit 20 in step S1 are stored into the
use information storing unit 22. In this case, if the
use information storing unit 22 is filled with the
information, the oldest storage pair is provided and a
new input pair is stored.
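
The counts walked through for Figs. 3 to 5 and the compare-then-store order of Fig. 6 can be reproduced with a short model. This is an added example, not code from the patent: the class and function names are hypothetical, biometric collation is reduced to equality of template labels, a full store is assumed to drop its oldest pair, and the Fig. 5 pairs that the text does not spell out are constructed.

```python
from collections import deque
from dataclasses import dataclass
from typing import Callable, List, Tuple

Pair = Tuple[str, str]  # (ID information, organic-information label)


@dataclass(frozen=True)
class Verdict:
    rule1_hits: int  # stored pairs with the same organic info but another ID
    rule2_hits: int  # stored pairs with the same ID but other organic info

    @property
    def illegal(self) -> bool:
        return self.rule1_hits + self.rule2_hits > 0


def labels_equal(a: str, b: str) -> bool:
    """Assumed stand-in for the collating unit: a real matcher would compare
    templates against a similarity threshold rather than test equality."""
    return a == b


class UseInformationStore:
    """Hypothetical model of storing unit 22 plus the control-unit rules."""

    def __init__(self, rule: int = 3, capacity: int = 1024,
                 collate: Callable[[str, str], bool] = labels_equal):
        if rule not in (1, 2, 3):
            raise ValueError("rule must be 1, 2 or 3")
        self.rule = rule
        self.collate = collate
        # Assumption: a full store drops its oldest pair to admit the new one.
        self.pairs = deque(maxlen=capacity)

    def demand(self, id_info: str, organic: str) -> Verdict:
        r1 = r2 = 0
        for past_id, past_organic in self.pairs:         # steps S2 and S3
            id_same = past_id == id_info
            organic_same = self.collate(past_organic, organic)
            if organic_same and not id_same:              # step S4 (rule 1)
                r1 += self.rule in (1, 3)
            elif id_same and not organic_same:            # step S5 (rule 2)
                r2 += self.rule in (2, 3)
        self.pairs.append((id_info, organic))             # step S8
        return Verdict(r1, r2)


def replay(rule: int, attempts: List[Pair], capacity: int = 1024) -> List[Verdict]:
    store = UseInformationStore(rule, capacity)
    return [store.demand(i, o) for i, o in attempts]


# Fig. 3: many IDs, one fingerprint. Fig. 4: one ID, many fingerprints.
FIG3 = [("ID1", "LB1"), ("ID2", "LB1"), ("ID3", "LB1"), ("ID4", "LB1")]
FIG4 = [("ID1", "LB1"), ("ID1", "LB2"), ("ID1", "LB3"), ("ID1", "LB4")]
# Fig. 5: all nine combinations; pairs not listed in the text are constructed.
FIG5 = [("ID1", "LB1"), ("ID2", "LB2"), ("ID3", "LB3"),
        ("ID1", "LB3"), ("ID2", "LB1"), ("ID3", "LB2"),
        ("ID1", "LB2"), ("ID2", "LB3"), ("ID3", "LB1")]

if __name__ == "__main__":
    for name, rule, seq in (("Fig. 3", 1, FIG3), ("Fig. 4", 2, FIG4), ("Fig. 5", 3, FIG5)):
        print(name, [(v.rule1_hits, v.rule2_hits) for v in replay(rule, seq)])
```

Running rule 1 over the Fig. 4 sequence, or rule 2 over the Fig. 3 sequence, returns no hits at all, which is why the text calls rule 3 the most powerful of the three.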

Fig. 7 is a block diagram of the second embodiment
of an illegal access discriminating apparatus of the
invention. The second embodiment is characterized in
that a log recording unit 34 is further provided for
the illegal access discriminating system 16 in Fig. 1.
The other construction is substantially the same as
that of the embodiment of Fig. 1. When it is
determined by the control unit 28 that there is the
illegal access by the attack from the attacker,
information regarding the identity of the illegal
access person is recorded in the log recording unit 34.
The following information is recorded in the log
recording unit 34.

I. Organic information at the time of an illegal
access

II. Input time of the illegal access

III. Telephone number of the illegal access or
network address

IV. ID information as a target of the illegal access

The telephone number of the user terminal which
performed the illegal access or the network address can
be collected from, for example, a protocol layer of a
network communicating unit provided for the service
providing system 10.

Figs. 8A and 8B are flowcharts for an illegal
access discriminating process according to the second
embodiment of Fig. 7. The discrimination about the
illegal access by the comparison and collation between
the organic information and ID information and the
inputted and stored organic information and ID
information in steps S1 to S6 is substantially the same
as that in the flowchart of Fig. 6 except for the
following point. That is, when the illegal access is
decided in step S7 after it was determined that there
was the attack from the attacker and this fact was
notified to the service providing system 10 in step S6,
the organic information and the time which were
inputted and stored are recorded into the log recording
unit 34. As mentioned above, in the second embodiment
of Fig. 7, by recording the organic information, time,
and the like when the illegal access is decided into
the log recording unit 34 and leaving the identity
information of the attacker himself, who is the
attacker can be proved or the like in the subsequent
criminal investigation.

Figs. 9A and 9B are block diagrams of the third
embodiment of an illegal access discriminating
apparatus of the invention. The third embodiment is
characterized by further providing a timer unit 36 and
an E-mail sending unit 38 for the illegal access
discriminating system 16 in the second embodiment. The
other construction is substantially the same as that of
the embodiment of Fig. 1. The timer unit 36 measures
and holds "year, month, day, hour, minute" as time
information and notifies the use information storing
unit 22 and control unit 28 of the time information.
The control unit 28 controls the storage contents in
the use information storing unit 22 on the basis of the
time information from the timer unit 36 and erases the
storage pair of the ID information and organic
information after the elapse of a predetermined time
from the storage. Thus, only the pairs of the ID
information and organic information which were inputted
in the past within the predetermined time from the
input are stored. The number of times of collation and
comparison with the past stored information by the
organic information collating unit 24 and ID
information comparing unit 26 which are executed when
the input of the organic information and ID information
from the service providing system 10 in response to the
authentication demand from the user terminal 14 is
received can be limited. The burden on the
discriminating process in the illegal access
discriminating system 16 can be reduced. Even if the
number of pairs of the ID information and organic
information which were inputted in the past and stored
into the use information storing unit 22 is limited as
mentioned above, since the attack from the attacker is
usually continuously performed in a short time in many
cases, no problem occurs when the illegal access by the
attacker is discriminated. Further, in the third
embodiment of Figs. 9A and 9B, since the E-mail sending
unit 38 is provided, when it is determined that there
is the illegal access by the attack from the attacker,
the control unit 28 notifies the E-mail sending unit 38
of a fact that there is the illegal access by the
attacker. The E-mail sending unit 38 forms an E-mail
to notify a fact that the service providing system 10
was attacked by the attacker, dispatches the formed
E-mail to a mail system 40, and transmits it to a system
administrator 44 via the network such as LAN, WAN, or
the like. Thus, the system administrator can
immediately know that there is the attack by the
attacker to the service providing system 10.
Therefore, the system administrator 44 doesn't need to
always monitor a status of the system for the illegal
access by checking a log of the service providing
system 10 or the like. The burden on the system
administrator is remarkably reduced and the system
administrator can immediately take a proper
countermeasure against the attack of the attacker.

Fig. 10 shows the storage contents in the use
information storing unit 22 in Figs. 9A and 9B. In
addition to the ID information storing area 22-1 and
organic information storing area 22-2, a time
information storing area 22-3 is provided.
"9809170935" showing "year, month, day, hour, minute"
has been stored like, for example, address "0000h" in
the time information storing area 22-3.

The control unit 28 performs a storage control to
erase the storage pairs after the elapse of a
predetermined time from the stored contents by using
the time information stored in the use information
storing unit 22 together with the pair of ID
information and organic information. For example, now
assuming that the present time is labelled to tn and
the information was stored into address "8000h", the
control unit 28 sets, for instance, a predetermined
time (T = 60 minutes) as a storage time. Now assuming
that the contents at the time that is predetermined
time (T = 60 minutes) before the present time tn are
the storage contents at time tn-1 in address "0001h",
the storage contents at time tn-2 in address "0000h"
before it are erased. Thus, only the pairs of the ID
information and organic information stored for a period
of time of (T = 60 minutes) from the present time tn
are stored together with the time information into the
use information storing unit 22. A storage amount in
the use information storing unit 22 can be limited to a
proper amount that is necessary for the illegal access.
The burden on the processes for the comparison and
collation between the inputted organic information and
ID information and the organic information and ID
information stored in the use information storing unit
22 can be reduced.

Figs. 11A and 11B are flowcharts for an illegal
access discriminating process in the third embodiment
of Figs. 9A and 9B. The process to discriminate the
illegal access by comparing and collating the organic
information and ID information which were inputted and
stored and the stored organic information and ID
information in steps S1 to S6 is the same as that in
the flowchart of the second embodiment of Figs. 8A and
8B. On the other hand, when the illegal access is
decided and a fact that there is the attack from the
attacker is notified to the service providing system 10
in step S6, the control unit 28 notifies the E-mail
sending unit 38 of the fact that the system was
attacked by the attacker and issues an E-mail to the
system administrator 44 in step S7. Further in next
step S9, the control unit 28 erases the stored pairs of
the organic information and ID information after the
elapse of a predetermined time from the storage by
using the time information of the present time sent
from the timer unit 36 and the time information stored
in the use information storing unit 22 as shown in Fig.
10. After completion of the erasure of the stored
pairs, the pair of ID information and organic
information which were temporarily inputted and stored
in the organic information input storing unit 18 and ID
information input storing unit 20 at that time are
stored into the use information storing unit 22
together with the time information derived from the
timer unit 36 in step S10.

Figs. 12A and 12B are block diagrams of the fourth
embodiment of an illegal access discriminating
apparatus of the invention. In the fourth embodiment,
a terminal address storing unit 48 and a same terminal
access detecting unit 50 are further provided for the
third embodiment of Figs. 9A and 9B. An alarm signal
generating unit 54 is provided in place of the E-mail
sending unit 38 in Figs. 9A and 9B. The other
construction is substantially the same as that in the
third embodiment of Figs. 9A and 9B. When the
authentication demand using the pair of ID information
and organic information is performed from the user
terminal 14 to the service providing system 10, the
terminal address storing unit 48 stores the telephone
number or network address of the user terminal 14 which
requested the authentication. The telephone number or
network address when the user terminal 14 requested the
authentication are derived from a network communicating
unit 52 provided for the service providing system 10.
Specifically speaking, the telephone number or network
address can be obtained as a reception parameter in a
protocol layer of the network communicating unit 52.

Fig. 13 shows the storage contents in the terminal
address storing unit 48 in Figs. 12A and 12B together
with the use information storing unit 22. An address
of the user terminal used by the attacker in the case
where he attacked while changing both the ID
information and the organic information like an illegal
access 25-3 in Fig. 5 is stored in the terminal address
storing unit 48 with respect to times t1 to t5. A same
terminal address A1 is stored. The storage pair
corresponding to the input pair of ID information and
organic information by the illegal access at times t1
to t5 of the illegal access in Fig. 5 has been stored
in the use information storing unit 22 together with
the time information t1 to t5.

Referring again to Figs. 12A and 12B, the same
terminal access detecting unit 50 detects whether a
condition of "there is an authentication demand of a
predetermined number of times or more from the same
terminal position within a predetermined time" is
satisfied or not with reference to the terminal address
storing unit 48. When it is detected that such a
condition is satisfied, a process to discriminate the
illegal access is requested to the control unit 28.
For example, when considering the terminal address
storing unit 48 in Fig. 13, the same terminal access
detecting unit 50 discriminates whether there is the
authentication demand of a predetermined number N of
times or more (for example, N = 5 or more) from the
same terminal address within a past predetermined time
T1 (for example, T1 = 15 minutes) from the input time
of a new authentication demand or not. In this case,
since there is the authentication demand of five times
from the same terminal address A1 within the past time
(T1 = 15 minutes) at a point of input time t5, the same
terminal access detecting unit 50 requests the control
unit 28 to perform the discriminating process of the
illegal access. Therefore, the control unit 28
activates the organic information collating unit 24 and
ID information comparing unit 26 and compares and
collates the input pair (ID2, LB2) at time t5 with the
storage pairs stored so far. In this case, since the
discriminating rule in Fig. 5 is satisfied between the
input pair and the storage pairs at times t1, t2, t3,
and t4 shown in the use information storing unit 22,
it is determined that there is the authentication
demand by the illegal access person. Since the attack
by the attacker is continuously performed in a short
time, it is sufficient that the predetermined time T1
to discriminate the number N of times of authentication
demand which is performed from the same terminal in the
same terminal access detecting unit 50 is set to a time
of up to about 30 minutes to one hour. The number N of
accessing times from the same terminal is set to (N =
5) as an example. However, it is sufficient that the
number N of accessing times from the same terminal
to request the process of the illegal access is
determined on the basis of the number of permitted
retry times which are performed due to an erroneous
input of the ID information by the legal user. For
example, in case of Fig. 13, since the discrimination
about the illegal access is requested when N = 5, the
retry due to the erroneous input of the ID information
by the legal user is permitted up to four times.

Referring again to Figs. 12A and 12B, when the
authentication demand by the illegal access person is
determined by the control unit 28, to inform the system
administrator of a fact that the system was attacked by
the attacker, the alarm signal generating unit 54 sends
an alarm signal to the system administrator 44 via a
network 42, thereby allowing an alarm to be generated.
In this case, further, besides the organic information
and ID information which were temporarily stored in the
organic information input storing unit 18 and ID
information input storing unit 20 when the
authentication demand by the illegal access person is
determined by the control unit 28, the log recording
unit 32 records the telephone number or network address
of the user terminal from the terminal address storing
unit 48 and, further, records the time information from
the timer unit 36.

Figs. 14A and 14B are flowcharts for an illegal
access discriminating process according to the fourth
embodiment of Figs. 12A and 12B. In step S1, the
organic information and ID information received by the
service providing system 10 from the user terminal 14
are obtained and inputted and stored into the organic
information input storing unit 18 and ID information
input storing unit 20, respectively, and for example,
the network address of the user terminal 14 derived
from the network communicating unit 52 at that time is
recorded into the terminal address storing unit 48. In
subsequent step S2, the same terminal access detecting
unit 50 discriminates whether there is a use request,
namely, authentication demand of a predetermined number
of times or more from the same terminal within a
predetermined time or not with reference to the
terminal address storing unit 48. When the condition
in step S2 is satisfied, the illegal access
discriminating process similar to that in the
embodiment of Fig. 2 is performed as shown in steps S3
to S7 and S9. When the authentication demand by the
illegal access person is decided and the attack by the
attacker is notified to the service providing system in
step S7, an alarm signal is issued from the alarm
signal generating unit 54 to the system administrator
44, thereby notifying that there is the attack from the
attacker to the service providing system 10.
Subsequently in step S10, the stored contents after the
elapse of a predetermined time are erased from the
storage in the use information storing unit 22. In
step S11, the pair of organic information and ID
information which were inputted and stored at this time
is stored together with the time information. A series
of processes in association with the authentication
demand in this instance is finished.

The discriminating rules 4, 5, and 6 to
discriminate the illegal access in the control unit 28
of the illegal access discriminating system 16 of the
invention will now be described. The discriminating
process of the illegal access in Fig. 15 relates to the
case of using the discriminating rule 4. According to
the discriminating rule 4, when a result of comparison
between the ID information which is newly inputted and
the ID information inputted in the past within a
predetermined time with respect to the same terminal
indicates dissidence, it is determined that there is
the authentication demand by the illegal access person.
It is a feature of the discriminating rule 4 that the
collation of the organic information is not performed.
By discriminating the illegal access from the ID
information without collating the organic information,
the burden on the illegal access discriminating process
can be remarkably reduced. Among the attacks by the
attackers, as shown in the illegal access 25-1 in Fig.
3, there is a pattern such that the attacker
continuously attacks while changing the ID information
without changing the organic information from the
specific user terminal. With respect to such an attack
pattern like an illegal access 25-1 in Fig. 3, since
the organic information is the same, it is not compared
with the organic information inputted in the past but
by detecting only a change in ID information, the
attack by the attacker can be determined. The
discriminating rule 4 which is applied to Fig. 15 is
effective in the case where the telephone number,
network address, or the like of the user terminal which
performed the authentication demand has been stored in
the terminal address storing unit 48.

The illegal access discriminating process to which
the discriminating rule 4 is applied in Fig. 15 will
now be described as follows. First in step S1, the
organic information and ID information received by the
service providing system 10 are obtained and stored
into the organic information input storing unit 18 and
ID information input storing unit 20 and, further, the
terminal address, for example, network address is
obtained from the network communicating unit 52 and
stored into the terminal address storing unit 48.
Subsequently, the ID information sent from the
same terminal within a predetermined time is
collated in step S2. In this case, as shown in Fig.
13, in the terminal address storing unit 48, for
example, the ID information in the use information
storing unit 22 corresponding to the same terminal
address A1 until a point of a predetermined time (T =
15 minutes) in which the present time t5 is used as a
reference is referred to. Since the attack in this
instance presumes the pattern like an illegal access
25-1 in Fig. 3, the ID information which is obtained
from the use information storing unit 22 within the
predetermined time T1 from the same terminal address A1
is so different to be ID1, ID2, ID3, ID4, ....
Therefore, whether "the ID information does not
coincide" or not is discriminated in step S3. If it
does not coincide, step S4 follows and it is determined
that there is the attack from the attacker, and this
fact is notified to the service providing system 10.
The subsequent processes are substantially the same as
those in steps S8 and S9 and subsequent steps in Figs.
14A and 14B.

Fig. 16 is a flowchart for an illegal access 
discriminating process in the case where the 
discriminating rule 5 is applied to, for example, the 
control unit 28 in the fourth embodiment of Fig. 13. 
According to the discriminating rule 5, whether the 
past ID information has a serial number for the 
inputted ID information or not is discriminated and, 
when it has the serial number, the authentication 
demand by the illegal access person is determined up to 
a predetermined number of times. When the newly inputted 
and stored ID information is received, if the ID 
information has the serial number with reference to the 
ID information inputted in the past, the possibility 
that there is the attack from the attacker is still 
higher. This is because a case is considered where 
the attacker attacks while sequentially changing the ID 
number by using the computer. Therefore, by examining 
whether the ID numbers inputted have the serial number 
or not by the discriminating rule 5, the user has a 
confidence indicative of the attack from the attacker, 
so that a probability about the illegal access is 
further improved. 

The illegal access discriminating process to which 
the discriminating rule 5 is applied in Fig. 16 will 
now be described as follows. First in step S1, the 
organic information and ID information received by the 
service providing system 10 are obtained, inputted, and 
stored. In step S2, the inputted and stored ID 
information is compared with a predetermined number of 
ID information which was continuously inputted in the 
past and stored in the use information storing unit 22. 
Whether the ID information has the serial number or not 
is discriminated in step S3. If YES, it is determined 
that there is the attack due to the authentication 
demand from the attacker by the illegal access person 
in step S4 and it is notified to the service providing 
system 10. Processes in step S5 and subsequent steps 
are substantially the same as those in Fig. 15. 
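
The ID-only checks of rules 4 and 5 can be expressed as follows. This is an added example, not code from the patent: the `Demand` record, the integer IDs, the run length of 3 and the log entries are assumptions made for illustration, and rule 5 is taken to mean IDs that step by one in either direction.

```python
from dataclasses import dataclass

WINDOW = 15 * 60   # the text's example window, T = 15 minutes, in seconds
RUN = 3            # assumed "predetermined number" of past IDs for rule 5

@dataclass(frozen=True)
class Demand:
    t: int          # arrival time in seconds
    terminal: str   # terminal address (network address or telephone number)
    user_id: int    # ID information, modelled here as an integer

def rule4(history, new, window=WINDOW):
    """Rule 4: same terminal, within the window, a different ID was sent."""
    return any(d.terminal == new.terminal
               and 0 <= new.t - d.t <= window
               and d.user_id != new.user_id
               for d in history)

def rule5(history, new, run=RUN):
    """Rule 5: the new ID continues a serial run of the last `run` stored IDs."""
    ids = [d.user_id for d in history[-run:]] + [new.user_id]
    if len(ids) < run + 1:
        return False
    steps = {b - a for a, b in zip(ids, ids[1:])}
    return steps in ({1}, {-1})   # ascending or descending by one (assumption)

def replay(log):
    """Feed demands in arrival order; return (time, rule) for each alert."""
    history, alerts = [], []
    for d in log:
        alerts += [(d.t, n) for n, rule in ((4, rule4), (5, rule5))
                   if rule(history, d)]
        history.append(d)   # every demand is stored, as in step S1
    return alerts

# Constructed log: B1 retries one ID; A1 walks through consecutive IDs.
LOG = [
    Demand(0, "B1", 2040), Demand(50, "B1", 2040),
    Demand(100, "A1", 1001), Demand(160, "A1", 1002),
    Demand(220, "A1", 1003), Demand(280, "A1", 1004),
    Demand(5000, "A1", 1005),   # arrives after the 15-minute window
]

if __name__ == "__main__":
    for t, n in replay(LOG):
        print(f"t={t:>4}s  rule {n} alert")
```

The last demand falls outside the rule 4 window yet still continues the serial run, so only rule 5 reports it.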

Fig. 17 is a flowchart using the discriminating 
rule 6 which is applied to the discrimination about the 
illegal access by the control unit 28 in the fourth 
embodiment of Figs. 12A and 12B. According to the 
discriminating rule 6, when the inputted organic 
information and the organic information inputted in the 
past coincide, the other combinations in which the 
organic information coincides and the ID information 
differs are detected, and when the number of 
combinations reaches a predetermined value, it is 
determined that there is the authentication demand by 
the illegal access person. The discriminating rule 6 
can be regarded as a modification of the discriminating 
rule shown in Fig. 3. That is, in the discriminating 
rule shown in Fig. 3, when any of the conditions such 
that the organic information coincides and the ID 
information does not coincide is satisfied, it is 
determined that there is the authentication demand by 
the illegal access person. On the other hand, 
according to the discriminating rule 6, when the number 
of conditions of the discriminating rule 1 reaches a 
predetermined number or more, it is determined that 
there is the authentication demand by the illegal 
access person. The discriminating rule 6 is provided 
to avoid a situation such that, in a case where the 
legal user merely erroneously inputs the ID information 
rather than a case where the attacker intends to 
illegally access, it is erroneously determined that 
there is the authentication demand by the illegal 
access person. Specifically 
speaking, it is assumed that the illegal access 25-1 in 
Fig. 3 is not performed by the attacker but occurs in 
the case where the legal user erroneously inputs the ID 
information and retries the input. In this case, now 
assuming that the number of times of different ID 
information at which it is determined to be the illegal 
access is set to, for example, the erroneous input 
of the ID information by the legal user is permitted up 
to (N + 1) times. Now, assuming that the number of 
times of dissidence of the ID information at which it 
is determined to be the illegal access is set to, for 
example, N = 3, the erroneous input by the legal user 
can be permitted up to (N + 1 = 4) times. Therefore, 
if the user continuously erroneously inputs the ID 
information four times like an illegal access 25-1 in 
Fig. 3, the number of times of dissidence of the ID 
information is equal to 0 at time t1, 1 at time t2, 2 
at time t3, and 3 at time t4 from the storage contents 
in the use information storing unit 22 corresponding to 
such a mistake. The erroneous input by the legal user 
is permitted until this time point. If the input of 
the ID information is mistaken once more, the number of 
times of dissidence based on the ID information stored 
in the use information storing unit 22 is equal to 4. 
At this time point, it is erroneously determined that 
there is the authentication demand by the illegal 
access person. 

The illegal access discriminating 
process to which the discriminating rule 6 is applied 
will now be described as follows with reference to a 
flowchart of Fig. 17. First in step S1, the organic 
information and ID information in association with the 
authentication demand of the user received by the 
service providing system 10 are obtained, inputted, and 
stored. In step S2, the inputted and stored organic 
information is collated with all of the past organic 
information. Whether any storage pair in 
which the organic information coincides and the ID 
information differs exists or not is discriminated in 
step S3. If there is the storage pair which satisfies 
this condition, step S4 follows and whether the number 
of relevant combinations is equal to or larger than N 
or not is discriminated. If it is less than N, it is 
determined to be the re-input due to the mistake of the 
ID information by the legal user. In step S7, it is 
decided to be the normal use and this fact is notified 
to the system. If the number of combinations is equal 
to or larger than N, step S5 follows, it is decided 
that there is the attack from the attacker, and this 
fact is notified to the service providing system. 
Further, an alarm signal is generated to the system 
administrator in step S6. Processes in steps S8 and S9 
are the same as those in steps S7 and S8 in Fig. 16. 
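
Rule 6 as walked through above, as an added example that is not code from the patent. Collation is stood in for by a toy overlap score on feature sets, distinct IDs are counted, and the threshold of 4 is chosen so that the counts 0 to 3 of the walk-through pass and the count 4 is flagged; all names and readings are assumptions.

```python
def similarity(a, b):
    """Toy collation score (assumption): Jaccard overlap of two feature sets."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def rule6(store, organic, user_id, threshold=4, match_at=0.8):
    """Steps S2 to S5 of Fig. 17 for one authentication demand.

    store holds the (organic, user_id) pairs inputted in the past.
    Returns (verdict, number of matching pairs with a different ID).
    """
    # Distinct IDs are counted, so retrying one wrong ID counts once
    # (a choice made in this example).
    other_ids = {past_id for past_org, past_id in store
                 if past_id != user_id
                 and similarity(past_org, organic) >= match_at}
    verdict = "attack" if len(other_ids) >= threshold else "normal"
    return verdict, len(other_ids)

def replay_rule6(demands, threshold=4):
    """Apply rule 6 to each demand in order, storing every pair afterwards."""
    store, out = [], []
    for organic, user_id in demands:
        out.append(rule6(store, organic, user_id, threshold))
        store.append((organic, user_id))
    return out

# Constructed readings: F and F_NOISY are two captures of one finger
# (overlap 9/11, above the match level); G belongs to another person.
F = frozenset(range(1, 11))
F_NOISY = frozenset(range(1, 10)) | {99}
G = frozenset(range(50, 60))

DEMANDS = [(F, "ID1"), (F_NOISY, "ID2"), (F, "ID3"), (G, "ID9"),
           (F_NOISY, "ID4"), (F, "ID5")]

if __name__ == "__main__":
    for (_, uid), (verdict, n) in zip(DEMANDS, replay_rule6(DEMANDS)):
        print(f"{uid}: {n} other ID(s) for this finger -> {verdict}")
```

Lowering `threshold` to 3 flags the fourth mistyped ID instead of the fifth, which shows how directly the tolerance for a legal user's typing errors depends on this one value.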

According to the invention as mentioned above, the 
pair of ID number and organic information of the user 
for the authentication demand which are inputted to the 
service providing system is compared with the storage 
pairs of the ID information and organic information 
which were inputted in the past, thereby presuming and 
discriminating whether the attack of the illegal access 
from the attacker has been performed or not. If it is 
determined that there is a possibility of the attack 
from the attacker, a fact that there is the attack from 
the attacker is notified to the service providing 
system as an attack target, thereby allowing the system 
to take a proper defensive measure. 

Since the organic information is peculiar to the 
individual, when the illegal access is decided, by 
logging the identity information of the attacker, a 
countermeasure against the attack from the next 
attacker can be performed and an effective clue in a 
criminal investigation can be given. The security of 
the system which provides services in response to the 
accesses from a number of users can be remarkably 
raised. 

Although the above embodiments relate to the cases 
of individually applying the discriminating rules 1 to 
6 to the discrimination of the illegal access in the 
control unit as examples, it is also possible to 
discriminate the illegal access by properly combining 
those discriminating rules. 

Although the above embodiments have been described 
with respect to the case of using the fingerprint as 
organic information as an example, the illegal access 
can be also similarly discriminated with respect to 
organic information that is peculiar to each individual 
such as voiceprint, iris pattern, retina blood vessel 
pattern, palm shape, ear shape, face, and the like as 
organic information other than the fingerprint. 

Further, the invention incorporates all of proper 
modifications and variations within the scope of the 
invention without departing from the objects and 
advantages of the invention. The invention is not 
limited by the numerical values shown in the above 
embodiments. 



